blake2b/blake2s support (#3116)
* blake2b/blake2s support
Doesn't support keying, personalization, salting, or tree hashes so
the API is pretty simple right now.
* implement digest_size via utils.read_only_property
* un-keyed for spelling's sake
* test copying + digest_size checks
* unkeyed is too a word
* line wrap
* reword the docs
* use the evp algorithm name in the error
This will make BLAKE2 alternate digest size errors a bit less confusing
* add changelog entry and docs about supported digest_size
diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst
index d0414ef..b0e9c16 100644
--- a/docs/hazmat/primitives/cryptographic-hashes.rst
+++ b/docs/hazmat/primitives/cryptographic-hashes.rst
@@ -117,6 +117,36 @@
SHA-512 is a cryptographic hash function from the SHA-2 family and is
standardized by NIST. It produces a 512-bit message digest.
+BLAKE2
+~~~~~~
+
+`BLAKE2`_ is a cryptographic hash function specified in :rfc:`7693`.
+
+.. note::
+
+ While the RFC specifies keying, personalization, and salting features,
+ these are not supported at this time due to limitations in OpenSSL 1.1.0.
+
+.. class:: BLAKE2b(digest_size)
+
+ BLAKE2b is optimized for 64-bit platforms and produces an 1 to 64-byte
+ message digest.
+
+ :param int digest_size: The desired size of the hash output in bytes. Only
+ ``64`` is supported at this time.
+
+ :raises ValueError: If the ``digest_size`` is invalid.
+
+.. class:: BLAKE2s(digest_size)
+
+ BLAKE2s is optimized for 8 to 32-bit platforms and produces a
+ 1 to 32-byte message digest.
+
+ :param int digest_size: The desired size of the hash output in bytes. Only
+ ``32`` is supported at this time.
+
+ :raises ValueError: If the ``digest_size`` is invalid.
+
RIPEMD160
~~~~~~~~~
@@ -193,3 +223,4 @@
.. _`Lifetimes of cryptographic hash functions`: http://valerieaurora.org/hash.html
+.. _`BLAKE2`: https://blake2.net